IPV6 and firewall on SMCD3G-CCR

Hi,

I'm trying to get IPV6 working at a site in Boston. After a bit of troubleshooting, I've determined that my business gateway is firewalling incoming IPV6 traffic. I can get connectivity to devices that are directly connected to the cable modem by adding them to 'allow ipv6 access from outside' table in the pictured configuration screen. The problem I'm having is that the 'disable all ipv6 access rules' checkbox on that screen has no effect. Has anyone seen this problem and found a solution/workaround?

It may be related, on the LAN->IPv6 Setup page, the table that shows 'External Router Delegated Prefix:' is empty even though the cable modem has delegated a /64 prefix to the connected router.

Re: IPV6 and firewall on SMCD3G-CCR

I had a conversation with a Comcast Business tech support person. She told me that IPv6 isn't supported on modems with static IP addresses. Could that be correct?

I could understand if Comcast wasn't ready to give out static IPv6 addresses. But, we're already getting [dynamic] IPv6 addresses and the modem firmware is mature enough to delegate a prefix to connected routers. My problem seems like a bug on the modem.

Re: IPV6 and firewall on SMCD3G-CCR

Maybe she meant that static IPv6 isn't supported yet? I have IPv6 with a static 4 address, and my office router pulls a 6 address just fine on the public facing interface. Internally, not so much. Best I can figure, that's because Comcast only seems to hand out /64 prefixes now, which I'm told is a limitation in the 'gateway modem' firmware. Anyhow, it seems to make routing IPv6 traffic impossible, I'm guessing because each side of the network thinks it's responsible for routing that prefix.

Which could also be what she was referring to since having a static IP4 address requires using one of their gateway modems, in at least "pseudo-bridge" mode. When I was a comcast home customer, I had a dynamic IP, a gateway in actual bridge mode, and was delegated a /60 prefix.

Personally, I find it hard to believe that static IPv4 is impossible without a modem+gateway+wifi+router+kitchen_sink, or that such a device would not only be limited to a fixed /64 prefix, but would present it in a clearly editable field.

If there is a legitimate technical reason for it, I'd sure love to hear what it is.

If there's a reason I've overlooked for my routing woes, especially one with a fix, I'd love to hear that too.

Oh, and the dang thing's firewall logs show tons of dropped IPv6 packets, despite being turned off. I don't know about the model they gave you, but on mine (DPC3939B) the "log" is just a useless packet count.